add header to prevent iframes

author: elijah <elijah@riseup.net> 2013-07-11 17:55:31 -0700
committer: elijah <elijah@riseup.net> 2013-07-11 17:55:31 -0700
commit: 123babecf44ac0c075337d8d2108019c46b5c9a7 (patch)
tree: 36d47cd32f5af67e3a026bbd74c50d4c1da15aa5 /app/controllers
parent: e7ee261680e42e99d7a5ee2e91987bf92d99b3a4 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 65d4861..9734a33 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,7 @@
 class ApplicationController < ActionController::Base
   protect_from_forgery
   before_filter :no_cache_header
+  before_filter :no_frame_header
 
   ActiveSupport.run_load_hooks(:application_controller, self)
 
@@ -25,4 +26,11 @@ class ApplicationController < ActionController::Base
     response.headers["Expires"] = "0"
   end
 
+  #
+  # prevent app from being embedded in an iframe, for browsers that support x-frame-options.
+  #
+  def no_frame_header
+    response.headers["X-Frame-Options"] = "DENY"
+  end
+
 end
author	elijah <elijah@riseup.net>	2013-07-11 17:55:31 -0700
committer	elijah <elijah@riseup.net>	2013-07-11 17:55:31 -0700
commit	123babecf44ac0c075337d8d2108019c46b5c9a7 (patch)
tree	36d47cd32f5af67e3a026bbd74c50d4c1da15aa5 /app/controllers
parent	e7ee261680e42e99d7a5ee2e91987bf92d99b3a4 (diff)